2 files changed, 41 insertions, 35 deletions

diff --git a/bliki.tf b/bliki.tf
index 37e86d2..de77f91 100644
--- a/bliki.tf
+++ b/bliki.tf
@@ -7,14 +7,14 @@ terraform {
 }
 
 provider "aws" {
-  version = "~> 1.11"
+  version = "~> 2.11"
 
   region = "ca-central-1"
 }
 
 # CloudFront needs certificates in us-east-1.
 provider "aws" {
-  version = "~> 1.11"
+  version = "~> 2.11"
 
   alias  = "cloudfront"
   region = "us-east-1"
@@ -23,7 +23,7 @@ provider "aws" {
 data "terraform_remote_state" "dns" {
   backend = "s3"
 
-  config {
+  config = {
     bucket = "terraform.grimoire"
     key    = "dns.tfstate"
     region = "ca-central-1"
@@ -37,13 +37,13 @@ resource "aws_s3_bucket" "bliki" {
     index_document = "index.html"
   }
 
-  tags {
+  tags = {
     Project = "bliki"
   }
 }
 
 resource "aws_s3_bucket_policy" "bliki" {
-  bucket = "${aws_s3_bucket.bliki.id}"
+  bucket = aws_s3_bucket.bliki.id
   policy = <<POLICY
 {
   "Version":"2012-10-17",
@@ -57,10 +57,11 @@ resource "aws_s3_bucket_policy" "bliki" {
   ]
 }
 POLICY
+
 }
 
 resource "aws_acm_certificate" "bliki" {
-  provider = "aws.cloudfront"
+  provider = aws.cloudfront
 
   # There's a circular dependency between the zone, the distribution, and the
   # cert here. Rather than trying to figure out how to make Terraform solve it,
@@ -69,25 +70,25 @@ resource "aws_acm_certificate" "bliki" {
 
   validation_method = "DNS"
 
-  tags {
+  tags = {
     Project = "bliki"
   }
 }
 
 resource "aws_route53_record" "bliki_validation" {
-  zone_id = "${data.terraform_remote_state.dns.grimoire_ca_zone_id}"
-  ttl     = 60
-  name    = "${aws_acm_certificate.bliki.domain_validation_options.0.resource_record_name}"
-  type    = "${aws_acm_certificate.bliki.domain_validation_options.0.resource_record_type}"
+  zone_id = data.terraform_remote_state.dns.outputs.grimoire_ca_zone_id
+  ttl = 60
+  name = aws_acm_certificate.bliki.domain_validation_options[0].resource_record_name
+  type = aws_acm_certificate.bliki.domain_validation_options[0].resource_record_type
   records = [
-    "${aws_acm_certificate.bliki.domain_validation_options.0.resource_record_value}"
+    aws_acm_certificate.bliki.domain_validation_options[0].resource_record_value,
   ]
 }
 
 resource "aws_cloudfront_distribution" "bliki" {
-  provider = "aws.cloudfront"
+  provider = aws.cloudfront
 
-  enabled         = true
+  enabled = true
   is_ipv6_enabled = true
 
   aliases = ["grimoire.ca"]
@@ -97,34 +98,35 @@ resource "aws_cloudfront_distribution" "bliki" {
   price_class = "PriceClass_100"
 
   origin {
-    origin_id   = "bliki"
+    origin_id = "bliki"
+
     # Use the website endpoint, not the bucket endpoint, to get / -> /index.html
     # translation through S3's website config.
-    domain_name = "${aws_s3_bucket.bliki.website_endpoint}"
+    domain_name = aws_s3_bucket.bliki.website_endpoint
 
     custom_origin_config {
-      http_port  = 80
+      http_port = 80
       https_port = 443
 
       # Because the origin is a non-URL-safe bucket name, S3's default TLS
       # config doesn't apply. Since we can't provide our own cert, force HTTP.
       origin_protocol_policy = "http-only"
-      origin_ssl_protocols   = ["TLSv1.2"]
+      origin_ssl_protocols = ["TLSv1.2"]
     }
   }
 
   default_cache_behavior {
     target_origin_id = "bliki"
 
-    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
-    cached_methods         = ["GET", "HEAD"]
+    allowed_methods = ["GET", "HEAD", "OPTIONS"]
+    cached_methods = ["GET", "HEAD"]
     viewer_protocol_policy = "redirect-to-https"
 
     compress = true
 
-    min_ttl     = 0
+    min_ttl = 0
     default_ttl = 900
-    max_ttl     = 3600
+    max_ttl = 3600
 
     forwarded_values {
       query_string = false
@@ -142,37 +144,37 @@ resource "aws_cloudfront_distribution" "bliki" {
   }
 
   viewer_certificate {
-    acm_certificate_arn      = "${aws_acm_certificate.bliki.arn}"
-    ssl_support_method       = "sni-only"
+    acm_certificate_arn = aws_acm_certificate.bliki.arn
+    ssl_support_method = "sni-only"
     minimum_protocol_version = "TLSv1"
   }
 
-  tags {
+  tags = {
     Project = "bliki"
   }
 }
 
 resource "aws_route53_record" "bliki_ip4" {
-  zone_id = "${data.terraform_remote_state.dns.grimoire_ca_zone_id}"
-  name    = ""
-  type    = "A"
+  zone_id = data.terraform_remote_state.dns.outputs.grimoire_ca_zone_id
+  name = ""
+  type = "A"
 
   alias {
-    name    = "${aws_cloudfront_distribution.bliki.domain_name}"
-    zone_id = "${aws_cloudfront_distribution.bliki.hosted_zone_id}"
+    name = aws_cloudfront_distribution.bliki.domain_name
+    zone_id = aws_cloudfront_distribution.bliki.hosted_zone_id
 
     evaluate_target_health = false
   }
 }
 
 resource "aws_route53_record" "bliki_ip6" {
-  zone_id = "${data.terraform_remote_state.dns.grimoire_ca_zone_id}"
-  name    = ""
-  type    = "AAAA"
+  zone_id = data.terraform_remote_state.dns.outputs.grimoire_ca_zone_id
+  name = ""
+  type = "AAAA"
 
   alias {
-    name    = "${aws_cloudfront_distribution.bliki.domain_name}"
-    zone_id = "${aws_cloudfront_distribution.bliki.hosted_zone_id}"
+    name = aws_cloudfront_distribution.bliki.domain_name
+    zone_id = aws_cloudfront_distribution.bliki.hosted_zone_id
 
     evaluate_target_health = false
   }
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}